sendmail: Introduction and Configuration

With the growth of the Internet, e-mail
has quickly become the main vehicle to spread information through
the public at large. As the demand for fast, cheap and reliable
e-mail grows, more individuals are turning to Linux to provide a
fast, cheap and reliable solution.

sendmail was originally developed by Eric Allman, in 1979, as
"delivermail", which first shipped with BSD 4.0. This program was
not very flexible and required configuration at compile time. With
the growth of the TCP protocol and other factors, it became obvious
that delivermail was not flexible enough to handle these new
demands. Eric Allman had to recreate sendmail from scratch, and
what he produced has become the standard for MTAs. Rather than
reject messages that did not conform to protocols, sendmail is
designed to be tolerant of these messages. For those individuals
who have never configured an e-mail server, this article will
demonstrate how to configure sendmail 8.11.2 after a fresh install
of Red Hat Linux 7.1.

By default, sendmail 8.11 is installed during the Red Hat
Linux 7.1 installation. As Red Hat has progressed over the years,
the installation process has become very easy. Though this article
will not go into installation details, further documentation is
provided on the Red Hat CD set.

For your new e-mail server to work, you must first get all
the DNS issues straight. First, add the hostname and IP address for
the new e-mail server to your DNS server and confirm the address
with nslookup:

It is also important that your administrator add a reverse
DNS entry to prevent delays in mail delivery. Most modern e-mail
servers use reverse lookup as a means of authentication for mail
transfer. Again, confirm this setting is correct using the nslookup
command on your IP address.

As you can see, the DNS entries are set up and working
correctly, so let's move on to actually configuring sendmail. By
default, sendmail installations on Red Hat will only allow SMTP
traffic on the localhost. The output of netstat -nl will show you
all ports that have a dæmon listening; note the line that
says 127.0.0.1:25. This means the server is only listening on the
loopback interface for connections on port 25 (SMTP).

This will keep your mail dæmon from accepting e-mail
from any computer except the localhost. To fix this issue, we must
tell sendmail to listen for connections on the external interface.
In the case of our new server, there is only one Ethernet card,
with eth0 being the external interface. To confirm the IP on eth0,
simply perform an ifconfig.
Depending on your configuration, this IP can be different than the
address defined by your DNS server, but in our example the
addresses are the same.

Now check to see if there has been a change with the netstat
-nl command. As you can see, the output clearly shows that a
dæmon (sendmail) is listening on port 25 of the IP address
192.168.100.134 that is assigned to our interface eth0.

Now that we have sendmail accepting external connections, we
need to assign the domains that can be accepted. This can be
accomplished with the /etc/mail/local-host-names file. Simply put
the domain name, blank.com, in the file.

Once this information is saved in this file, restart the
sendmail dæmon with its rc script by running
/etc/init.d/sendmail restart. sendmail can accept e-mail for
multiple domains on the same server. Insert the domain name into
this file each time you want to add a new domain.

You now have a fully working e-mail server from the
localhost. It can accept e-mail from anywhere in the world, but can
only send e-mail or relay e-mail from the localhost. Another
default security feature is that sendmail will not allow the relay
of any mail to prevent spam originating from your server. If your
users log directly into the server, this configuration does not
need modification. But if your organization is like most, clients
are using e-mail from remote sites. If your users use clients like
KMail or Outlook Express, you will need to allow those machines to
relay e-mail using your new server, but you do not want to open
your site up to complete relay. This can be done by adding the
following line to the /etc/mail/access file and running the command
make access.db after saving that file.

blank.com RELAY
# Check the /usr/share/doc/sendmail-8.11.2/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail-8.11.2/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
blank.com RELAY
[root@testmail mail]# make access.db
[root@testmail mail]#

The make access.db command will include your new setting in
the hash database used by sendmail to determine who can relay
e-mail off your server. This will allow connections from inside the
blank.com domain to relay e-mail from your new mail server, and
prevent use of the service by nonmembers. One can also put a subnet
of IPs, such as 192.168, to limit relaying to addresses inside a
domain. Keep in mind that if this setting is too open, spammers can
bounce huge amounts of e-mail off your system.
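
As an added example (not part of the original article), the following Python audit reads an access file and flags RELAY keys that are broader than the article intends. The 65536-address threshold, the sample entries beyond the article's own listing, and the function names are assumptions of this example; only IPv4 keys are handled.

```python
import ipaddress

# Constructed sample: the article's access file plus a 192.168 prefix and two
# deliberately over-broad entries ("com", "10") added for illustration.
SAMPLE_ACCESS = """\
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
blank.com RELAY
192.168 RELAY
com RELAY
10 RELAY
spammer.example REJECT
"""

MAX_ADDRS = 65536  # assumed policy: nothing wider than the article's 192.168 (/16)


def relay_keys(text):
    """Yield the left-hand key of every entry whose value is RELAY."""
    for line in text.splitlines():
        parts = line.split()
        if line.lstrip().startswith("#") or len(parts) != 2:
            continue  # comment, blank line, or not a simple key/value entry
        if parts[1].upper() == "RELAY":
            yield parts[0].lower().split(":", 1)[-1]  # drop a Connect:/From:/To: tag


def check(key):
    """Return a warning string for an over-broad RELAY key, or None."""
    octets = key.split(".")
    if len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets):
        # Fewer than four octets means "every address under this prefix".
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        net = ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets)))
        if net.num_addresses > MAX_ADDRS:
            return "prefix covers %d addresses" % net.num_addresses
        if not net.is_private and net.num_addresses > 1:
            return "public address range, confirm you own it"
        return None
    if "." not in key and key != "localhost":
        return "single-label key matches an entire top-level domain"
    return None


def audit(text):
    """Map each questionable RELAY key to the reason it was flagged."""
    return {k: w for k in relay_keys(text) for w in [check(k)] if w}


if __name__ == "__main__":
    for key, why in audit(SAMPLE_ACCESS).items():
        print("%-10s %s" % (key, why))
```

Run it against the text of /etc/mail/access before each make access.db; an empty result means no RELAY key exceeded the assumed limits.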

Now that you can accept e-mail from anywhere in the world,
have configured your domain, and allowed relay e-mail for approved
clients, you may want to allow remote access to that mail. This can
be accomplished with IMAP or POP. With a default server install,
not all required packages are installed to make POP/IMAP mail work.
These services can be obtained by the installation of the
imap-2000-9 rpm package. To check the install status of this
package use the following command: rpm -aq | grep -i
imap. If no package is found, insert Disk 2 of the Red
Hat 7.1 installation disk set into your CD-ROM drive and mount that
media. To accomplish this use the mount /dev/cdrom
/mnt/cdrom command.

With the correct package installed, you now need to enable POP3
connections to your new e-mail server. This can be accomplished in
the /etc/xinetd.d directory by modifying the ipop3 file. Set the
value for disable to no, and save the file. Remember to maintain
the case as it appears in the file.

Now send a test e-mail to your new server and connect to the
server via your favorite POP client. You should now be able to
access your e-mail via the POP protocol.

One final consideration about your new server is performance.
You may receive complaints about slow connections to your POP server
if the client traffic is being initiated from behind a firewall.
The reason for this delay is that your e-mail server initiates an
IDENT session with the client to confirm the identity of the
client. If there is no response to that query, the server will
invoke a timeout value set by default to 5 seconds. This value can
be reduced to 1 second to remove most of the delay caused by IDENT.
To change this value, edit the /etc/sendmail.cf file and reduce the
timeout value to the desired value.

Your e-mail server is now working and providing service to
your users. There are many more configurations for sendmail that
are beyond the scope of this article. Linux will provide a very
stable, robust platform for your e-mail needs. To find more
information about sendmail visit
www.sendmail.org.


Thanks for such a lovely doc; however, when I am doing the ifconfig it is not giving the host IP address for the SMTP server and it is giving the IP below, 39.96.8.8, and I think that is the reason it is not giving the port 25 to listen to our IP; instead it is showing 127.0.0.1 (localhost).

I think this is very, very useful for me in clarifying various doubts.
But I want more depth on sendmail problems regarding deferred DNS, i.e. dsn=4.0.0 , state=defered, connection refused by xxx.xxx.com etc.
But a very useful hint from /etc/mail/local-host-names.

Need some help.
I have an SMTP server working with POP3 running.
My problem is some IPs use my server for spam.
How can I stop that?
tcp 0 0 nicolaescumalex.pi:smtp 221.221.234.210:2865 ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.234.227:2658 ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.255.137:bmap ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.255.94:2725 ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.255.94:4754 ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.232.215:2402 ESTABLISHED
tcp 0 0 nicolaescumalex.pi:smtp 221.221.255.137:4755 ESTABLISHED

These are the connections to my SMTP server.

They are using a big list of e-mail addresses and have wrong addresses in the list.
I receive mails like this:
From: Mail Delivery Subsystem
Subject: Postmaster notify: see transcript for details
This is a MIME-encapsulated message

--j867TerR011920.1125991785/nicolaescumalex.piatraneamt.rdsnet.ro

The original message was received at Tue, 6 Sep 2005 07:29:40 GMT

My question is:
how can they access my SMTP server and how can I block it??
Thx

I am relatively new to Linux "mandrake 10.0". I have read your step by step on setting up sendmail..... "Perfect, simple, absolutely the best I have read". I can send e-mails externally and locally, but for the life of me I cannot receive mails sent to the mail server here. I have tried everything I could think of and have read "including your step by step". Nothing seems to be working at all for me :(

I have a fully working sendmail set up going, I can send mail using a web client (Squirrelmail) and receive mail fine using a POP3 server and IMAP. I cannot send mail from home using a client like Outlook, I get "RELAY DENIED" error, but I can download my mail from the server.

I've tried auth settings on the client side, but nothing seems to work when I send mail to a domain not listed in my relay-domains list. Obviously I can't add all domains or *.com etc, as that will open the relay. Any ideas/comments/suggestions?!

I need to get this working, without using the ISP's SMTP server for sending, I've got a client that wants to use this server in house...

Now the problem is, I want my e-mail server to accept anonymous e-mails, i.e., if someone responds to anon123@xyz.com (e.g. my domain is xyz.com) and I don't have such a user, I still want his mail to land in my e-mail server. How do I do it?

Thank you so very much. I have been without email services on my server for a week because my new host doesn't "manage the servers". I actually did all the steps in reverse because I couldn't find a good (and short) guide, until I found this page using google.

Use the chkconfig command for xinetd-specific services. After you install the imap package, run chkconfig --list. This will list all rc startup services. Under xinetd you will see the xinetd-specific services. ipop2, ipop3, imap, imaps, etc. should all say 'no' under startup. Doing a 'chkconfig ipop3 on' will turn on ipop3 for all runlevels. Using chkconfig accomplishes the same thing as editing the /etc/xinetd.d/ipop3 file but is a cleaner way, and works for all startup rc scripts.

I'm a senior computer engineer from KMITL (Thailand). My project is open-source webmail. I develop twig and must configure sendmail. I tried for a week with sendmail. This article is great, awful; even though I use Mandrake, it works. Thanks a lot. Thanks, open source. My e-mail address is maydream@hotmail.com
